problem with file assassian and malwarbytes antimalware

[peter gong]

I scanned my computer with malwarebytes antimalware when it detect sfc_os.dll as trojan.spambot.

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4171

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

6/5/2010 9:07:12 PM

mbam-log-2010-06-05 (21-07-12).txt

Scan type: Full scan (C:\|)

Objects scanned: 302249

Time elapsed: 3 hour(s), 0 minute(s), 13 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\minint\system32\sfc_os.dll (Trojan.Spambot) -> Delete on reboot.

after i looked for sfc_os.dll i tried to unregister it but it failed. Then i tried to delete it but it was locked. When i tried to unlock it with file assassian the blue screen showed up. Please help!

[noknojon]

Description -

sfc.dll is a file that contains functions used to monitor system files for validity. It belongs to the Microsoft Windows environment.

sfc_os.dll - sfc_os - DLL - Information DLL Name: Microsoft Windows File Protection

I hope you did not delete the full file - It is required for working your system -

There may have been an infection in that area but you should have removed the infection with a Full Scan -

Thank You -

EDIT - The Files that are infected do not always need fully removing - Just cleaning -

You will find that many times they are important files , so just clean (quarantine) do not look to remove the file -

[turnader]

sfc_os.dll - sfc_os - DLL - Information DLL Name: Microsoft Windows File Protection

I hope you did not delete the full file - It is required for working your system -

There may have been an infection in that area but you should have removed the infection with a Full Scan -

Thank You -

I have the same issue here. Newest definitions same as OP.

Is there a chance this is a false positive? I haven't done anything with the detected files yet. I have two files reported infected as follows:

Trojan.Spambot File c:\minint\system32\sfc_os.dll

Trojan.Spambot File c:\minint\system32\sfc_os.dll.LENDEL

[noknojon]

Hi turnader -

You can always hit the Quarantine tab to remove any threat in that area -

The main .dll can become infected but the infection can be removed from there with Malwarebytes -

Always run a Full Scan after you remove any problem to make sure it is no longer active -

Thank You -

EDIT - I hope you still removed (quarantined) the problem you have shown -

[gtyhfy]

@turnader

First have an update with the MBAM database. At the time of posting this post, the database version is 4172.

Have a quick scan and see whether it still exists.

If you suspect it is a FP, you may check it by using some online file scanner like:

Virus total: http://www.virustotal.com

Jotti: http://virusscan.jotti.org

Upload the file in question, then you can see whether it is clean. If the website said the file has been scanned, press rescan.

If you find that the file is clean by using the above scanner, and want to ask whether it is a FP, then please follow the instructions HERE, post a new topic with the developer log and attach zipped file(s) in question at the False Positives forum. The developer will investigate then.

Follow the advice noknojon given at the post above if it turns out it is a patched file.

Thanks

Edit - adding information and correct typo.